The office just sent me to Cisco IPS training. Cisco ASA's have (linux) hardware modules that you can add for IPS -- basically the same thing that Snort does, but for additional cost, licensing, and maintenance on top of the equipment you already bought. Snort signature updates are cheap compared to Cisco's.
And when you have two Cisco ASA's in active-passive, you still manage every config item on the two IPS modules separately, including signature updates. I'm still learning how to do in Cisco IPS what I can already do in Snort. Cisco training is expen$ive and not all that great -- usually covers the last ASA/IPS version before the one you're using. In our office, we're not allowed to use GUI tools to manage the ASAs, so I also need to learn Cisco syntax which isn't covered in-depth in training classes. The one thing we rely on in our office that I haven't done with pfSense are IPSec VPNs using Active Directory for authentication. Now that pfSense has a book, what else do you need? Larry On Wed, Dec 2, 2009 at 5:04 PM, Curtis LaMasters <curtislamast...@gmail.com> wrote: >> >> Commercial support should help put Boss's worries at bay: >> >> https://portal.pfsense.org/ >> >> Between this, the mailing list and forum you are covered. >> >> Scott > > The big selling points for my Boss' were 1) cost 2) features 3) ease of use > > Cost is a no brainer. > > The features of pfSense that we needed sold the solution very easily. > Failover, Load Balancing, SNORT IDS, Proxy Filtering and an great web > based configuration engine were the key ones. All but the proxy > filtering was needed for our hosting environment and a huge selling > point for our corporate firewall was the proxy filtering (with > squidguard) to keep our users in check. > > Ease of use was huge because we didn't have to drop to CLI every time > someone needed a non standard configuration. Cough, cough Cisco.... > > Curtis LaMasters > http://www.curtis-lamasters.com > http://www.builtnetworks.com > > --------------------------------------------------------------------- > To unsubscribe, e-mail: support-unsubscr...@pfsense.com > For additional commands, e-mail: support-h...@pfsense.com > > Commercial support available - https://portal.pfsense.org > > --------------------------------------------------------------------- To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org
